Overview

overview

7

Static

static

3

672a38cc7f...0N.exe

windows7-x64

7

672a38cc7f...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    672a38cc7f6c3e9c218fbbee5b18a6b0N.exe

  • Size

    395KB

  • MD5

    672a38cc7f6c3e9c218fbbee5b18a6b0

  • SHA1

    fcd7199a0c1fa599004da4ee984a6356ed4d843a

  • SHA256

    217510381096df978a1f6b86abc470c78f872a9007d7d3ed76ea3d4d38f40d84

  • SHA512

    3751f68ddd9494c6240d7a4d90b6da3bc17461b8d3677e82446f5bde959faab4c83b8adde91aeaacf53ec73ad6cfbf061887754636a06d5caa5ef6dbf0959cdc

  • SSDEEP

    6144:4jlYKRF/LReWAsUyXTJF7Y3GB/Ie7S2rputlncG8QaG6IqhBg6jwKAdI:4jauDReW/F0KtS29utlncrQaG6Rg6jT5

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\672a38cc7f6c3e9c218fbbee5b18a6b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\672a38cc7f6c3e9c218fbbee5b18a6b0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\ProgramData\defhq.exe
      "C:\ProgramData\defhq.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    395KB

    MD5

    456b7b2393f8df84ed93aac7b3fcd31f

    SHA1

    ccd999d19c8988dee6153873543e4413d9120282

    SHA256

    477154a6ac248e1fc29f27c6445a526961cf81c78e476885ac272dfd3cc5af29

    SHA512

    7aca312b08e41b7c6208a12781adebdb3104c63030dae82c5ed232e68130145427be1a9c3e8bc8dff67f3aa469f98236b57677efe05b55da46d31c239306ace3

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\defhq.exe
    Filesize

    258KB

    MD5

    f8fd3bb1e0a949e81920829e0ec23a62

    SHA1

    628c948ac66d0f8e1a670a8509eb15c54fe3daa7

    SHA256

    1698e64972201261b36a1e914283d5bba494cc45283ab03d5c752c07cdabf83f

    SHA512

    a910751e0adb1d45780008eec6637bc8bf3a811eb0a8676825151ada1c9b1302fa6ae0d18ee44f30fb33d3f662ca2ef78a1dfc7e7a9b705d833881e99db69fae

    Download Submit

  • memory/2216-133-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/3068-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/3068-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/3068-14-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download